Black Duck Overview

Black Duck is the #5 ranked solution in our list of top Software Composition Analysis (SCA) tools. It is most often compared to WhiteSource.

What is Black Duck?

Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

Black Duck is also known as Blackduck Hub, Black Duck Protex, and Black Duck Security Checker.

Black Duck Buyer's Guide

Download the Black Duck Buyer's Guide including reviews and more. Updated: June 2021

Black Duck Customers

Samsung, Siemens, ScienceLogic, Noser Engineering AG, ClickFox, Dynatrace, CopperLeaf

Consulting Partner, Cyber Security Delivery - Africa at DeltaGRiC Consulting
Useful for determining the health of applications that contain open source components

What is our primary use case?

We have been using this solution for between two and three years. We frequently use this solution for software composition analysis. We also use it for vulnerability assessment and operational risk assessment. This is usually for customers who want to do one-off assessments, trying to check open source components they are using in their build.

Pros and Cons

  • "It highlights what the developers have done, and it shows the impact from an intellectual property point of view."
  • "I would like to see more integration with other solutions, such as IntelliJ IDEA."

What other advice do I have?

This is a good solution. My advice to anybody interested in implementing it is to be clear in their mind whether they want to go on a user-based model, or they want to do a code-based model. It can get tricky if your development team is growing rapidly. Maybe you started off with five developers and then the next year you are growing to ten. Then, in another year, there are fourteen or twenty. As you grow, a user-based model may not work for you so you might consider going with the code-based model. However, if you are working on multiple projects then you may consider the user-based model…